Malcolm Marshall – UK and global lead in KPMG’s cyber security practice – has commented on the impact that international political disputes can have on organisations’ ability to conduct ‘business as usual’.
“While attention is focused on the search for resolutions in the ‘corridors of power’,” stated Marshall, “businesses need to be ready to defend themselves, as the cyber space in which they operate increasingly becomes the new battleground.”
Marshall continued: “Businesses are so focused on cyber attacks by organised criminals that it’s easy for them to ignore the possibility of being targeted by groups wanting to make a political point, possibly even with backing from a hostile Government.”
He went on to comment: “Over the past five years, the international business community has seen a number of incidents where websites have been hacked so that political messages can be uploaded where they will receive widespread exposure. The Syrian Electronic Army is just one example among many. ‘Hacktivists’ are certainly more active during periods of international tension, but the next step is the one that businesses should be wary of.”
KPMG’s cyber leader explained: “Cyber attacks are becoming part of international conflict, and it seems that probing cyber attacks are likely to be the first element in the hostile phase of future conflicts. The well-worn phrase about who has their ‘finger on the button’ has taken on a new meaning. This is something that banks, financial institutions and global businesses need to consider. After all, the ability to disrupt electronic trade, divert funds or overload IT systems so that transactions cannot be completed may have an effect that stretches far beyond the geographies where disputes are raging.”
In conclusion, Marshall said: “This doesn’t mean organisations should panic and ‘bunker down’. What it does mean is that, just as scenarios are planned to help in dealing with major physical security breaches, so organisations need to put plans in place that recognise we now operate in a world without cyber borders. If businesses can successfully build these defences and take proactive steps to protect themselves, they will reduce the chances of inadvertently becoming embroiled in a wider dispute.”
Vehicles should be ‘Secure by Design’ when it comes to cyber security
Maintaining the cyber security theme, Wil Rockall – director of information protection within KPMG’s cyber security practice – has voiced his opinions on news that security experts have developed technology that would keep automobiles safe from cyber attacks.
“As the automotive industry increases the level of technology used in new vehicles,” said Rockall, “the nature of the threats faced also increases, particularly in the form of cyber attacks. These attacks could potentially allow cyber criminals to penetrate in-car systems, either using physical interaction or by seizing control through attacks over the Internet.”
Typically, a connected car network has over 50 potential access points for a cyber attacker, and this will only increase as the level of technology integrated within cars escalates.
“Three years ago, criminals sought access to vehicles by stealing the keys,” asserted Rockall, “but today three-quarters of cars stolen in London are stolen without them, principally through electronic methods. It’s important that cyber attacks don’t become physical ones because manufacturers are unable or unwilling to design-in security.”
Rockall believes the automotive industry needs to invest in creating systems that are securely built and well-tested, with capabilities that can be improved as threats evolve and vulnerabilities are discovered.
The public must be able to trust the new systems put in place, suggests Rockall, and be confident that when operating their vehicles a ‘crash’ isn’t going to be caused by cyber attackers.
“Simply introducing a car ‘security product’ isn’t a strong enough defence,” urged Rockall, “and neither is it a wise strategic direction of travel for the industry. We should look towards making vehicles ‘Secure by Design’. This will provide security measures aimed at preventing vulnerabilities from being ‘attackable’ rather than accepting flaws in design and masking them with a third-party conventional security product.”